Cybercrime

The historical development of spam fighting is allowing computer-aware criminals to take the upper hand in the fight against what has now evolved into a completely technologically and organizationally merged threat to public safety. If we do not change our strategic approach immediately, the battle, indeed even the war may be all but lost... Of late, much has been said in the popular and computer press about a vector that is annoying, but hardly critical in nature: 'Image spam'. Spammers have jumped on the new technology of 'image-only' payloads, which morph one pixel per message, rendering them unique, and traditional check-sum blocking strategies ineffective... Fortunately this fraudulent stock-touting scheme leaves a paper trail that has allowed for some successful prosecutions in the latter half of the year. Stock spamming, while popular at present time is likely to decline as legal actions increase... more»

Larry Seltzer wrote an interesting article for eWeek, on port 25 blocking, the reasons why it was being advocated, and how it would stop spam. This quoted an excellent paper by Joe St.Sauver, that raised several technically valid and true corollaries that have to be kept in mind when blocking port 25 -- "cough syrup for lung cancer" would be a key phrase... Now, George Ou has just posted an article on ZDNET that disagrees with Larry's article, makes several points that are commonly cited when criticizing port 25 blocking, but then puts forward the astonishing, and completely wrong, suggestion, that worldwide SPF records are going to be a cure all for this problem. Here is my reply to him... more»

Following a post on the DomainState forum today, a number news and blogs have criticized Network Solutions for front running domain names that customers try to register. (See for instance today's report on DomainNameNews). Jonathon Nevett, Vice President of Policy at Network Solutions, has offered the following in response to the news break... more»

Most new domain names are malicious. I am stunned by the simplicity and truth of that observation. Every day lots of new names are added to the global DNS, and most of them belong to scammers, spammers, e-criminals, and speculators. The DNS industry has a lot of highly capable and competitive registrars and registries who have made it possible to reserve or create a new name in just seconds, and to create millions of them per day. Domains are cheap, domains are plentiful, and as a result most of them are dreck or worse. more»

One fine night in November 2011 I got an opportunity to get my hands dirty, working on a project for the United States Federal Bureau of Investigation (FBI). They were planning to seize a bunch of computing assets in New York City that were being used as part of a criminal empire that we called "DNS Changer" since that was the name of the software this gang used to infect a half million or so computers. more»

So Domain Tasting, where registrants (who may also be registrars) taste names and keep only those that have economic value, is now the target of a federal cybersquatting lawsuit, brought about by lawyers for major brand name retailers Neiman Marcus and Bergdorf Goodman against major domain name registrar Dotster. This Dotster lawsuit involves allegations of cybersquatting by registrars who use the Create Grace Period, which is mandated by ICANN for global registries... more»

DNS root servers function as part of the Internet backbone, as explained in Wikipedia, and have come under attack a number of times in the past -- although none of the attacks have ever been serious enough to severely hamper the performance of the Internet. In response to some of the common misconceptions about the physical location and total number of DNS root servers in the world, Patrik Faltstrom has put together a visual map on Google, pin-pointing the approximate location of each server around the world. more»

There are now several different courts of appeals that have upheld the right of individuals to post a non-commercial website using the domain name www.company.com, and there are as yet NO appellate decisions that forbid such websites outside the context of the serial cybersquatter who tries to erect a so-called gripe site as a CYA measure after being sued. In fact, it seems to me that we are getting close to the point where companies that sue over such websites have to consider seriously the possibility that they will not only lose the suit, but face a malicious prosecution action... more»

In the case of Lands' End, Inc. v. Remy, the defendant website owners were accused of crafting a clever scheme to get some extra commissions from their affiliate relationship with landsend.com. It looks like the scheme has backfired, however, as Lands' End's claim against the defendants under the Anticybersquatting Consumer Protection Act, [15 U.S.C. §1125(d)] ("ACPA") has survived a summary judgment motion and the case is heading for trial. more»

VoIP is here to stay. In fact many incumbent telecommunication carriers have started offering VoIP service for sometime and several new VoIP service providers have emerged. Aside from issues such as quality of service, the aspect of security, or lack thereof, is misunderstood by some of the VoIP service providers. This purpose of this article is to discuss two of the most well known attacks that can be carried out in current VoIP deployments. more»

Everyone is probably well aware of the Kashpureff-style DNS cache- poisoning exploit (I'll call this "classic cache poisoning"). For reference, see the original US-CERT advisory prompted by this exploit. Vendors patched their code to appropriately scrub (validate) responses so that caches could not be poisoned. For the next 7-8 years, we didn't hear much about cache poisoning. However, there was still a vulnerability lurking in the code, directly related to cache poisoning. ...On April 7, 2005, the SANS ISC (not to be confused with Internet Systems Consortium) posted an update detailing how Microsoft Windows DNS servers were still being poisoned, even though the "Secure cache against pollution" option was set. The SANS ISC found that Windows DNS servers using BIND4 and BIND8 servers as forwarders were being poisoned. But how could this be? more»

One of the bigger news stories is that of 10,000 usernames and passwords of Hotmail users were posted this past week, victims of a phishing scam... It seems unlikely to me that this would be a hack where someone would break into Hotmail's servers and access the account information that way. It is much more likely that the spammers got the information by social engineering. Why is this more likely? For one, they'd have to get past all of the firewalls and security measures that Microsoft/Hotmail have to keep intruders out. more»

"The Root Server is a Scarce Resource" is the focus of part one of a three-part series based on a study prepared by Karl M. Manheim, Professor of Law at Loyola Law School and Lawrence B. Solum, Professor of Law at University of San Diego. Special thanks and credit to Hastings Communications and Entertainment Law Journal, Vol. 25, p. 317, 2004. ...We begin our analysis of domain name policy with a brief excursion into economics. Economics cannot answer all of the questions raised by domain name policy. First, domain name policy must answer to the discipline of network engineering. A useful domain name system must work, and the functionality, scalability, reliability, and stability of the system are determined by the soundness of its engineering. Second, domain name policy must answer to public policy. The Internet is a global network of networks, and Internet policy is answerable to a variety of constituencies, including national governments, the operators of the ccTLDs, Internet Service Providers, information providers, end users of the Internet, and many others. more»

As an alternative to the creation of the .XXX TLD, ICANN/IANA can assign special port numbers that can be used to label adult content. IANA assigns port numbers as part of its duties. For example, port 80 is reserved for the HTTP protocol (i.e. the World Wide Web). Port 443 is reserved for the HTTPS protocol (SSL-secure version of HTTP). Port 23 is for Telnet, port 25 is for SMTP, and so on. One can see the full list at here... In a real sense, the IANA port assignments are just suggestions to the world as to what to expect on certain ports, whether it be a mail server, WHOIS, FTP, POP email or any other service/protocol. more»

A group of leading DNS experts have released a paper detailing serious concerns over the proposed DNS filtering requirements included as part of the bill recently introduced in the U.S. Senate named Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act of 2011 ("PROTECT IP Act"). The group who is urging lawmakers to reconsider enacting such a mandate into law, includes leading DNS designers, operators, and researchers, responsible for numerous RFCs for DNS, publication of many peer-reviewed academic studies related to architecture and security of the DNS, and responsible for the operation of important DNS infrastructure on the Internet. more»